The file is located on the download page of the major version. For example, the file for Version 6.2.0 and all Version 6.2.x
patches is located on the Firepower Version 6.2.0 landing page.

Note

This hotfix does not carry over if you upgrade to a new major version. For example, if you upgrade from Version 6.0.x to Version
6.1.0, you must reinstall the hotfix after the upgrade.

Version 6.1.0.x Hotfixes

Hotfix Name

Affected Versions

Affected Platforms

Hotfix Filename

Resolved Defects

Hotfix AF

6.1.0

FMC

FMCv

Firepower 7000/8000 series

NGIPSv

ASA FirePOWER

Sourcefire_3D_Defense_Center_S3_Hotfix_AF-6.1.0.2-1.sh

Sourcefire_3D_Device_S3_Hotfix_AF-6.1.0.2-1.sh

Sourcefire_3D_Device_Virtual64_VMware_Hotfix_AF-6.1.0.2-1.sh

Cisco_Network_Sensor_Hotfix_AF-6.1.0.2-1.sh

Resolved an issue where, if a Firepower 8350 device or AMP8350 device produced an unusually large stream of messages on the
serial port console or, if you enabled it, the Lights-out Management (LOM) console, the device became unresponsive. (CSCvc26880)

Hotfix AI

6.1.0

FMC

FMCv

Sourcefire_3D_Defense_Center_S3_Hotfix_AI-6.1.0.2-3.sh

Resolved an issue where an optimization component attempted to connect to the wrong database and caused system issues, such
as high CPU use and general performance degradation. (CSCvc49789)

Hotfix AZ

6.1.0.2

FMC

FMCv

Sourcefire_3D_Defense_Center_S3_Hotfix_AZ-6.1.0.3-1.sh

Resolved an issue where, if you deployed an access control policy containing at least two access control rules referencing
the same intrusion policy but with different variable sets from a Firepower Management Center running Version 6.1.0.2, deployment
failed. (CSCvd10943)

Hotfix AJ

6.1.0, 6.1.0.1

FMC

FMCv

Sourcefire_3D_Defense_Center_S3_Hotfix_AJ-6.1.0.2-1.sh

Resolved an issue where re-establishing high-availability synchronization failed after successfully updating an Firepower
Management Center high-availability pair from Version 6.1.0 or later to Version 6.2.0 failed. (CSCvb96776)

Hotfix CF

6.1.0.1, 6.1.0.2

ASA 5500-X Series with FTD

FTDv: VMware, KVM, AWS

Firepower 4100/9300 with FTD

Cisco_FTD_Hotfix_CF-6.1.0.3-3.sh

Cisco_FTD_SSP_Hotfix_CF-6.1.0.3-3.sh

Resolved an issue where the Firepower Threat Defense device running Version 6.1.0.1 or Version 6.1.0.2 stopped passing traffic
after 213 days of uptime and experienced a range of issues from limited connectivity to a traffic outage. (CSCvd78303)

Hotfix DH

6.1.0.5

Firepower 8000 series

Sourcefire_3D_Device_S3_hotfix-6.1.0.6-48.sh

if you update clustered Firepower 8000 Series stacks configured in a high availability environment to Version 6.1.0.5, the
peers experience continuous failover. (CSCvf66660)

Hotfix DQ

6.1.0.5

FMC

FMCv

Sourcefire_3D_Defense_Center_S3_Hotfix_DQ-6.1.0.6-1.sh

If you deploy an intrusion policy configured to block TCP, UDP, ICMP, or IP scanning, the Firepower Management Center detects
the port scan but does not block it when it should. (CSCve82410)

The file is located on the download page of the major version. For example, the file for Version 6.1.0 and all Version 6.1.0.x
patches is located on the Firepower Version 6.1.0 landing page.

local malware detection updates not downloading to FMC due to invalid certificate chain. (CSCvm81052)

Note

This hotfix does not carry over if you upgrade to a new major version. For example, if you upgrade from Version 6.0.x to Version
6.1.0, you must reinstall the hotfix after the upgrade.

Version 6.0.0.x Hotfixes

Hotfix

Affected Versions

Affected Platforms

Hotfix Filename

Resolved Defects

Hotfix K

6.0.0.1, build 1213

FMC

FMCv

Sourcefire_3D_Defense_Center_S3_Hotfix_K- 6.0.0.2-3.sh

New shared object rules are not pushed down to sensor after SRU update. (CSCuy60529)

Hotfix O

6.0.0.1

FMC

FMCv

ASA FirePOWER managed by ASDM

Sourcefire_hotfix-v6.0.0-o-build_1.sh

Cisco_Network_Sensor_v6.0.0-o-build_1.sh

If you deployed access control rules from either a Firepower Management Center or local management to an ASA Firepower module
managed configured with security zones, the system incorrectly deployed the control rules out of order and incoming traffic
triggered rules that would not have triggered in the desired configuration. (CSCuy99274)

Hotfix AU

6.0.1.1

Firepower 7000/8000 series

Sourcefire_3D_Device_S3_Hotfix_AU-6.0.1.3-1.sh

Resolved an issue where, in some cases, Series 3 devices produced unusually large streams of messages on the serial port console
or, if you enabled it, the Lights-out Management (LOM) console and the device become unresponsive. (CSCvc26880)

The file is located on the download page of the major version. For example, the file for Version 6.0.0 and all Version 6.0.x
patches is located on the Firepower Version 6.0.0 landing page.

local malware detection updates not downloading to FMC due to invalid certificate chain. (CSCvm81052)

Note

This hotfix does not carry over if you upgrade to a new major version. For example, if you upgrade from Version 6.0.x to Version
6.1.0, you must reinstall the hotfix after the upgrade.

Version 5.4.x Hotfixes

Hotfix Name

Affected Versions

Affected Platforms

Hotfix Filename

Resolved Defects

Hotfix CX

5.4.1.8

ASA FirePOWER:

ASA 5506-X, 5506W-X, 5506H-X, 5508-X, 5516-X

ISA 3000

Cisco_Network_Sensor_Hotfix_CX-5.4.1.9-1.sh

Configuring a system policy to use remote NTP server to synchronize time to a system with a registered ASA FirePOWER modules
running a version older than Version 5.4 and experiencing a leap second may cause the system may use a high amount of CPU.
(CSCuv11738)

Hotfix DB

5.4.0.9

ASA FirePOWER:

ASA 5515-X, 5525-X, 5545-X, 5555-X

ASA 5585-X-SSP-10, -20, -40, -60

Cisco_Network_Sensor_Hotfix_DB-5.4.0.10-1.sh

Configuring a system policy to use remote NTP server to synchronize time to a system with a registered ASA FirePOWER modules
running a version older than Version 5.4 and experiencing a leap second may cause the system may use a high amount of CPU.
(CSCuv11738)